Cuba Ransomware Extorted Over $60 Million in Ransom Charges from Greater than 100 Entities

by crpt os


The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022.

In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI), the agencies highlighted a “sharp increase in both the number of compromised U.S. entities and the ransom amounts.”

The ransomware crew, also known as Tropical Scorpius, has been observed targeting financial services, government facilities, healthcare, critical manufacturing, and IT sectors, while simultaneously expanding its tactics to gain initial access and interact with breached networks.

The initial access vectors for the attacks include the exploitation of known security flaws, phishing, compromised credentials, and legitimate remote desktop protocol (RDP) tools, with the ransomware subsequently distributed via the Hancitor (aka Chanitor) loader.

Some of the flaws Cuba has incorporated into its toolset are as follows:

  • CVE-2022-24521 (CVSS score: 7.8) – An elevation of privilege vulnerability in Windows Common Log File System (CLFS) Driver
  • CVE-2020-1472 (CVSS score: 10.0) – An elevation of privilege vulnerability in Netlogon remote protocol (aka ZeroLogon)

“In addition to deploying ransomware, the actors have used ‘double extortion’ techniques, in which they exfiltrate victim data, and (1) demand a ransom payment to decrypt it and, (2) threaten to publicly release it if a ransom payment is not made,” CISA noted.

Cuba is also said to share links with the operators of RomCom RAT and another ransomware family called Industrial Spy, according to recent findings from BlackBerry and Palo Alto Networks Unit 42.

The RomCom RAT is distributed through trojanized versions of legitimate software such as SolarWinds Network Performance Monitor, KeePass, PDF Reader Pro, Advanced IP Scanner, pdfFiller, and Veeam Backup & Replication that are hosted on counterfeit lookalike websites.

The advisory from CISA and FBI is the latest in a series of alerts about different ransomware strains in recent months such as MedusaLocker, Zeppelin, Vice Society, Daixin Team, and Hive.
